Privacy & Ex Libris
Should you have questions about how we safeguard your privacy, contact our Privacy Officer, Ellen Amsel (CIPM, CISSP, CISM, CISA), at firstname.lastname@example.org
Session & User Input Cookies
When you register with an Ex Libris site, we generate cookies that signal whether you are signed in. Our servers use these cookies to know which account you are signed in with, and if you are allowed access to a particular service. They also allow us to associate any comments you post with your username. If you have not selected “keep me signed in,” your cookies are deleted when you either close your browser or shut down your computer.
The General Data Protection Regulation (GDPR)
On May 25, 2018, a new privacy law called the General Data Protection Regulation (GDPR) began to apply in the European Union (EU). The GDPR replaces the Data Protection Directive (the Directive) which has been in effect since 1995. While the GDPR preserves many of the principles established in the Directive, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or process personal data.
Ex Libris is committed to GDPR compliance. We have closely analyzed the requirements of the GDPR, and our engineering, product, security and legal teams have been working to align our procedures, documentation, contracts, and services to support compliance with the GDPR. We also support our customers during their GDPR compliance journey with our strong foundation of implemented security and privacy frameworks and certified security and privacy controls.
Data Processing Addendum
As part of Ex Libris efforts to prepare for the GDPR, Ex Libris has published a Data Processing Addendum (DPA) for each of our product groups to incorporate the appropriate terms required by the GDPR into the relevant customer agreements. The DPAs have been created under the supervision of EU privacy experts and are designed to comply with the GDPR and to reflect the specific details of the data processing activities within Ex Libris’ services. All customers that are processing personal data that is subject to the GDPR through Ex Libris services should download, sign, and return the appropriate product DPA to allow both the customer and Ex Libris to comply with the DPA requirements of the GDPR.
EU-US and Swiss-US Privacy Shield Frameworks
Ex Libris complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Ex Libris has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov
ISO 27018:2014 Certified – Protection of Personally Identifiable Information
This ISO standard establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
Ex Libris complies with this standard and is ISO 27018 certified. This standard was originally published in 2014, and Ex Libris has been certified since 2016.